Enabling HSTS in FNMS On-Prem and Inventory Beacons

Hi all ...

My connections between agents and the inventory beacons, and the inventory beacons & FNMS, and from a browser to /Suite, are all via https.

On my inventory beacons, can I safely enable HSTS? If so, to which sites?

On my FNMS server, I see that HSTS is already set up (out of the box) for the following sites:

  • ECMBusinessPortal
  • SAPOptimization
  • Suite

What about the others? Is it "safe" to enable HSTS there, too?

I'm trying to cut down on Nessus / CrowdStrike-type scan notifications.

--Mark

(1) Reply

You can safely enable HTTP Strict Transport Security (HSTS) for all folders on the IIS server used on your Beacon. Flexera calls this 'enforcing Mutual TLS'.

There are certain requirements for enforcing the HTTPS Protocol specifically on UNIX Agents that you should be aware of.

For non-Windows agents, certificate checking requires that a copy of the certificate for the root CA is available on the managed device. One way to ensure this is deploying a copy of all root CA certificates in a file named 'cert.pem' on all non-Windows computers.
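
Added example (not part of the reply above and not Flexera code): a small Python check for the `Strict-Transport-Security` values that each virtual directory returns over HTTPS, so that gaps a scanner would flag can be found before and after enabling HSTS. The header values, the `/example-*` paths and the one-year `min_age` threshold are constructed assumptions; only `/Suite` and `/ECMBusinessPortal` are names from the question.

```python
# Constructed sample: path -> Strict-Transport-Security value as received over
# HTTPS (None = header absent). Browsers ignore this header on plain HTTP.
# The /example-* paths are hypothetical.
SAMPLE = {
    "/Suite": "max-age=31536000; includeSubDomains",
    "/ECMBusinessPortal": 'Max-Age="31536000"',
    "/example-no-header": None,
    "/example-zero": "max-age=0",
    "/example-dup": "max-age=31536000; max-age=0",
}

def parse_hsts(value):
    """Parse a header value following RFC 6797 section 6.1; raise ValueError if invalid."""
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip()  # names are case-insensitive
        if not name:
            continue  # empty directives between semicolons are permitted
        if len(arg) >= 2 and arg[0] == arg[-1] == '"':
            arg = arg[1:-1]  # quoted-string form of the value
        if name in directives:
            raise ValueError(f"duplicate directive {name!r}")
        directives[name] = arg
    age = directives.get("max-age")
    if age is None or not (age.isascii() and age.isdigit()):
        raise ValueError("max-age missing or not a non-negative integer")
    return {"max_age": int(age),
            "include_subdomains": "includesubdomains" in directives}

def classify(value, min_age=31536000):
    """Return a finding for one header value; min_age is an assumed policy threshold."""
    if value is None:
        return "missing"
    try:
        age = parse_hsts(value)["max_age"]
    except ValueError as exc:
        return f"invalid: {exc}"
    if age == 0:
        return "disabled (max-age=0)"  # max-age=0 tells the browser to drop the policy
    return "ok" if age >= min_age else "short max-age"

def audit(headers):
    return {path: classify(value) for path, value in headers.items()}

if __name__ == "__main__":
    for path, finding in audit(SAMPLE).items():
        print(f"{path:22} {finding}")
```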